All Entries in the "Server Administration Utilities" Category

When I got my new dedicated server setup with Ubuntu server 12.04 LTS, I wanted to use it both for website hosting and multiple users remote desktop work.
It took me some time to arrange all the steps to have the above completed, and as far as the hosting part was pretty easy, the multiple Ubuntu users desktop setup needed some jugs of coffee before start working as I wanted it.

So, I presume you have logged in to your server with some user already, so we will stat with updating the system:

Shell

1

sudo apt-getupdate

Next, as I want all Gnome desktop features, will install it completely with:

Shell

1

sudo apt-getinstall ubuntu-desktop

Unity looks fancy, but I want the old Gnome panel, and I do not need “compiz”, so:

Shell

1

2

3

sudo apt-getremove compix unity

sudo apt-getinstall gnome-panel

Next what we need is a VNC server.

Shell

1

sudo apt-getinstall vnc4server

The tricky part here is that you have to create several configuration files for the Ubuntu Remote Desktop user. This is really time consuming if you have to read all the settings and creating the files by yourself.

It is more easy to start the VNC server which will create the files automatically:

Shell

1

vnc4server:2

You will be asked for a password so enter it, and then kill the server as we have to make some configuration changes:

Shell

1

vnc4server-kill:2

Edit the xstartup configuration file:

Shell

1

vi.vnc/xstartup

And make it looks like this:

Shell

1

2

3

4

5

6

7

8

9

#!/bin/sh

[-x/etc/vnc/xstartup]&&exec/etc/vnc/xstartup

[-r$HOME/.Xresources]&&xrdb$HOME/.Xresources

xsetroot-solid grey

vncconfig-iconic&

x-window-manager&

gnome-panel&

gnome-session&

Now you can start the vnc server with this:

Shell

1

vnc4server:2-geometry1024x768-depth24

Certainly you can change the settings if you want different Remote Desktop geometry.

Now use your preferred VNC client – http://remmina.sourceforge.net/ (Linux) and http://www.tightvnc.com/download.php (Windows) are my suggestions – and connect to the Ubuntu Remote Desktop server using x.x.x.x:2 as (:2) is the number of display used to run for the client. If you have more than one running you should use different number at the end.

As I saying different desktops, I am going to add another user to my Ubuntu Remote Desktop server.
For this I will need to repeat the above steps for creating (and starting) the VNC profile for each user. This one is not yet automatically implemented, but it is not a big deal.
First I will add another user:

Shell

1

sudo adduser newuser

Complete the several steps for creating the user which is including creating the password and user personal information.
(A little trick when you want to add user with administrative privileges is to type the command as : adduser admin
)
Then start the VNC server once to create the VNC password:

Shell

1

2

sudo su newuser vnc4server:3

sudo su newuser vnc4server-kill:3

Open VNC startup file for the ‘newuser’

Shell

1

sudo vi/home/newuser/.vnc/xstartup

And paste the same configuration as for the first user:

C++

1

2

3

4

5

6

7

8

9

#!/bin/sh

[-x/etc/vnc/xstartup]&&exec/etc/vnc/xstartup

[-r$HOME/.Xresources]&&xrdb$HOME/.Xresources

xsetroot-solid grey

vncconfig-iconic&

x-window-manager&

gnome-panel&

gnome-session&

Save the file and start the service

Shell

1

sudo su newuser vnc4server:3-geometry1024x768-depth24

Now using VNC client you can connect to the new user Desktop as going to x.x.x.x:3 address.

The next step is to automate a little bit the start-up precess for these Ubuntu Remote Desktop users. Otherwise you have to start vnc4server for each user when the server is rebooted.

So, switch to root (it is just more easier) and then create vncserver folder and create file as vncservers.conf:

Shell

1

2

3

sudo su-

mkdir-p/etc/vncserver

vi/etc/vncserver/vncservers.conf

Inside put the following massive:

Shell

1

2

3

VNCSERVERS="2:user 3:newuser"

VNCSERVERARGS[2]="-geometry 1024x768 -depth 24"

VNCSERVERARGS[3]="-geometry 1024x768 -depth 24"

Where ‘user’ is the main user you are dealing with (the one we configured VNC for initially) and ‘newuser’ which is the second user are we have created. If you have more users created and the above steps for settings passwords and vnc4srver start-up completed, add more lines accordingly wit (:4),(:5) etc. screens.

This will be quick tutorial about how to convert P7B to certificate. Actually we will extract certificates from PKCS #7 file using OpenSSL.
Here I have to mention one issue which is really often met and it is with the beginning and the end of the certificate provided. It depends on the OpenSSL version, but for now if the beginning and the end of the certificate are like:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
will lead to the following error when you try to extract the SSL certificates:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: PKCS7 .
Let’s examine P7B certificate to see how to avoid such error.

Shell

1

2

3

4

5

6

7

8

9

10

-----BEGIN PKCS#7 SIGNED DATA-----

MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCBiAwggUIoAMC

AQICEDY7d91JCeFxkYLcRtsAntUwDQYJKoZIhvcNAQEFBQAwgboxCzAJBgNVBAYT

AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24g

VHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8v

[...]

AAOBgQATAt346IYA8lr4+CAMWYhiB87O9075u1mhmOXhON1OvGYY063rGPINyW0+

SpQgwzy6vWVUxq9EsxCtLGs+q9cHtriBY8X5Xi7lKmfOzTMMKteJVgMjH7O+6DoI

WbTsRTX3ilv/Zs9Qr8ZtV40ZeLe5otFX6h+aS6+6yY4Sfsa9/wAAMQAAAAAAAAA=

-----ENDPKCS#7 SIGNED DATA-----

Your certificate could be much longer as digits, but I put […] to shorten the listing on mine. Anyway if your certificate has the same beginning and end, you should change it to:

Shell

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

-----BEGIN PKCS7-----

MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCBiAwggUIoAMC

AQICEDY7d91JCeFxkYLcRtsAntUwDQYJKoZIhvcNAQEFBQAwgboxCzAJBgNVBAYT

AlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24g

VHJ1c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8v

d3d3LnZlcmlzaWduLmNvbS9ycGEgKGMpMDYxNDAyBgNVBAMTK1ZlcmlTaWduIENs

YXNzIDMgRXh0ZW5kZWQgVmFsaWRhdGlvbiBTU0wgQ0EwHhcNMTEwNzE4MDAwMDAw

WhcNMTMwOTEzMjM1OTU5WjCCAQwxEzARBgsrBgEEAYI3PAIBAxMCVVMxFzAVBgsr

BgEEAYI3PAIBAhQGTmV2YWRhMR0wGwYDVQQPExRQcml2YXRlIE9yZ2FuaXphdGlv

[...]

L29jc3AudmVyaXNpZ24uY29tMD4GA1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcD

AgYIKwYBBQUHAwMGCWCGSAGG+EIEAQYKYIZIAYb4RQEIATANBgkqhkiG9w0BAQUF

AAOBgQATAt346IYA8lr4+CAMWYhiB87O9075u1mhmOXhON1OvGYY063rGPINyW0+

SpQgwzy6vWVUxq9EsxCtLGs+q9cHtriBY8X5Xi7lKmfOzTMMKteJVgMjH7O+6DoI

WbTsRTX3ilv/Zs9Qr8ZtV40ZeLe5otFX6h+aS6+6yY4Sfsa9/wAAMQAAAAAAAAA=

-----ENDPKCS7-----

I have changed:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
to
—–BEGIN PKCS7—–
and
—–END PKCS7—–
in order to accommodate the OpenSSL “Expecting: PKCS7”

Now we can run the OpenSSL command which will extract PKCS7 certificates from the P7B file .
Note: this command works for both Linux and Windows machines with installed OpenSSL.

Shell

1

openssl pkcs7-print_certs-inpkcs7.p7b-out pem.cer

The output which prints the stored in the p7b file certificates will be similar to this one:

This tutorial contains 301 redirect checker script which I have created after spending more than half an hour searching the Internet for something suitable I can use for my needs. While I was searching I found only separate web pages with fields where you can check one – two URLs or heavy applications that can be installed, and yet not covering my needs. Certainly, there were paid 301 redirect checker solutions which can be used to check 301 Permanent Redirect, but I am not sure whether it does worth to buy such. The purpose of this checker in most cases is only to see if a particular pages redirect permanent covering the SEO (Search Engine Optimization) requirements.

In my case part of the OnlineHowTo.net is moving over Free Tutorials Submit dot com, and from SEO perspective, the tutorials moved have to be with 301 redirect to their new URLs.

I decided to write it as Linux bash 301 redirect checker script because it can be run on almost any Linux machine with curl installed and easily added to the Crontab. I believe the script is rather easy to be understood and used, even by not so experienced administrators.

What the redirect script is doing is to gather the URLs you want to check from an external file (in my case: /opt/scripts/301URLs.txt ), where every URL is placed on a separate line like this:

I chose this way as most of the get-all-urls-from-domain applications provide the listing like this, but certainly you can choose (and then modify a little bit my script) different format.
Then using simple bash loop it reads every line one by one, processing it with CURL extracting the headers (curl -I option).
Every header contains information similar to:

XHTML

1

2

3

4

5

6

HTTP/1.1301MovedPermanently

Date:Thu,18Aug201117:23:57GMT

Server:Apache/2.2.3(CentOS)

Location:http://www.freetutorialssubmit.com/ftp-voyager/109

Connection:close

Content-Type:text/html;charset=iso-8859-1

Once we have this information we can easily egrep for the 301 Moved Permanently part and if it exist, the 301 redirect checker script continues with the next URL. If the redirect is something different it writes down the URL into the /tmp/301report.txt file.

Finally the script checks whether the /tmp/301report.txt file exist – it will be created only if there is even one different from 301 Moved Permanently redirect – and will send it via e-mail to the address you have set in the EMAIL variable. If there are no such file, the script will end with no report.

Here is the whole script which you can freely use and modify as per your needs:

Shell

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

#!/bin/bash

#The subject of the mail message - can be anything.

#For example something that triggers your e-mail client filters.

SUBJECT="301 Redirect Compromised"

#Here you must change with your e-mail address.

EMAIL="mail-to-report-to@yourdomain.com"

#Temporary file I am using to store non 301 redirected URLs.

LINKS=/tmp/301report.txt

#Here I make sure this file does not exist before processing the URLs.

rm-f/tmp/301report.txt

#All URLs which should be checked are in /opt/scripts/301URLs.txt one per line.

cat/opt/scripts/301URLs.txt|whilereadline;do

L=`curl-I-s$line|egrep'^HTTP\/1\.1 301'`

sleep5

if[-z"$L"]

then

echo$line>>$LINKS

fi

done

#Check if there were non 301 redirects stored and e-mail them if any

if[-f/tmp/301report.txt]

then

mail-s"$SUBJECT""$EMAIL"<$links

fi

#EOF

To be honest, I am using a little bit modified 301 redirect checker script, which is also checking whether the redirected URL is the one I need, but it is more complicated and may confuse you if you have to modify it.
Also, more elegant solution will be if you decide to use array, but this redirect checker script fits my needs perfect.
Also I have put sleep command as if the number of the URLs is too big, it may lead to server abuse and blocking the IP you are checking the redirect from. If you do not need the script to wait 5 seconds for every URL, just remove that line.

Hope this scrip will cover your needs as well. Your comments and suggestions are welcome.

Tags

With few steps I will show you how to update missing Urchin statistics, or just to update them from the web server access logs.

You must have at least certain knowledge where the access logs are, and what is the server configuration to update Urchin.

First login to your Urchin panel as administrator, and then go to ‘Configuration ‘“ Urchin Profiles ‘“ Log manager’.
There find the domain you want to update and click on ‘Edit’ (the one with the wrench icon).

Recently I had problems with two of the servers I support because of DDoS attacks in the datacenter. Then I needed some load average reports for these servers, a script to inform me or directly to stop the network service if heavy pressure is taken.
Previously I haven’t needed load average script since the servers are just storages and those I have used were either for Fedora or Debian servers.

I decided not to ‘invent the hot water’ and went through the Internet to find solution.
Certainly the first search engine result for ‘Load average monitor script BSD server‘was at FreeBSD forums .

Unfortunately that script was not working with just copy and paste and I spend some time to graze it for my servers. The final version became this: